<?php

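!defined('DEBUG') AND exit('Access Denied.');

$action = param(1);

if($action == 'login') {

	// An admin that is already authenticated goes to the dashboard; the request
	// must end here, otherwise the login page (GET) or the credential check
	// (POST) below is still processed after the redirect header was sent.
	if(admin_authority_check()) {
		header("Location:.");
		exit;
	}
	if($method == 'GET') {
		$header['title'] = "后台登录";
		include _include(ADMIN_PATH."view/htm/index_login.htm");
	} else if($method == 'POST') {
		$username = param('username');
		$password = param('password');
		$yzm = param('yzm');
		$admin = db_find_one('user', array('username'=>$username));

		// IP whitelist. The stored list is split on commas, semicolons or
		// whitespace and matched exactly; the former strpos() substring test
		// also accepted any address that merely had a listed one as a prefix
		// (10.0.0.10 matched an entry of 10.0.0.1).
		// NOTE(review): the delimiter set is assumed from common usage - confirm
		// against how allow_ips is written by the user editor.
		$allowIps = (!empty($admin) && isset($admin['allow_ips'])) ? trim((string)$admin['allow_ips']) : '';
		if($allowIps !== '') {
			$allowed = preg_split('/[\s,;]+/', $allowIps, -1, PREG_SPLIT_NO_EMPTY);
			if(!in_array($ip, $allowed, true)) message('username', 'IP不在白名单内');
		}

		// randNum() issues exactly four digits; is_numeric() would also accept
		// forms such as "1e3", " 12" or "12.0" that the lookup in checkSms()
		// is not meant to see.
		if(!preg_match('/^\d{4}$/', (string)$yzm)) message('yzm', '验证码不合法');

		// Password first, SMS code second: the second factor is only evaluated
		// for a request that already holds the password, so the 4-digit code
		// cannot be probed on its own. Stored hashes are md5(password . salt)
		// (existing data, not migrated here); hash_equals() gives a strict,
		// constant-time comparison, whereas "!=" compares hashes that look like
		// numbers (e.g. "0e123...") numerically.
		if(!$admin || !hash_equals((string)$admin['password'], md5($password.$admin['salt']))) message('password', '密码错误');
		if($admin['is_admin'] != 1) message('username', '该用户无权限');
		// checkSms() only checks existence, consumption and the 90 s expiry; it
		// keeps no failed-attempt counter, so expiry is the only brake on guessing.
		if(!checkSms($yzm, $admin['uid'])) message('yzm', '验证码不对哦');

		admin_token_set();
		// Consume the code so it cannot be replayed for a second login.
		db_update('smscode', array('uid'=>$admin['uid'], 'smscode'=>$yzm), array('status'=>1));
		message(0, jump('登录成功', '.'));
	}

}elseif ($action=='sendAdmin'){
	$username = param('username');
	$arr = db_find_one('user', array('username'=>$username, 'is_admin'=>1));
	if(empty($arr)){
		message(1, '没有找到该账号');
	}elseif (!$arr['info_mobile']){
		message(1, '该账号没有手机号');
	}
	// At most one code per minute per account: this action needs no password,
	// so without a throttle anyone who knows the username can drive SMS cost
	// and refresh the code indefinitely.
	$recent = db_find_one('smscode', array('uid'=>$arr['uid'], 'time'=>array('>'=>time() - 60)));
	if(!empty($recent)){
		message(1, '发送过于频繁，请稍后再试');
	}
	require APP_PATH."/sms/demo/sendSms.php";
	$code = randNum();
	$sta = sendSms($arr['info_mobile'], $code);
	if(isset($sta->Code) && $sta->Code == 'OK'){
		// Record the issued code: checkSms() reads uid/smscode/time, and the
		// login handler sets status to 1 once the code has been used.
		db_insert('smscode', array(
			'uid'=>$arr['uid'],
			'smscode'=>$code,
			'time'=>time(),
		));
		json(array('data' => '发送成功', 'code' => 1));
	}else{
		json(array('data' => '短信发送失败哦，请联系管理员', 'code' => -1));
	}
}
elseif ($action == 'logout') {

	admin_token_clean();
	header("Location:".url('index-login'));
	exit;

} else if($action == 'reminds'){

	// Intentionally a no-op: the former file_get_contents() implementation was
	// commented out and nothing replaced it.

} else {

	// The redirect must terminate the request: without exit the dashboard
	// below (php.ini settings, db version, revenue figures) is still rendered
	// into the body of the 302 for an unauthenticated client.
	if(!admin_authority_check()) {
		header("Location:".url('index-login'));
		exit;
	}
	$header['title'] = '后台总览';

	// Runtime environment summary shown on the overview page.
	$info = array();
	$info['disable_functions'] = ini_get('disable_functions');
	$info['allow_url_fopen'] = ini_get('allow_url_fopen') ? '是' : '否';
	$info['safe_mode'] = ini_get('safe_mode') ? '是' : '否';
	empty($info['disable_functions']) && $info['disable_functions'] = lang('none');
	$info['upload_max_filesize'] = ini_get('upload_max_filesize');
	$info['post_max_size'] = ini_get('post_max_size');
	$info['memory_limit'] = ini_get('memory_limit');
	$info['max_execution_time'] = ini_get('max_execution_time');
	$info['dbversion'] = $db->version();
	$info['SERVER_SOFTWARE'] = _SERVER('SERVER_SOFTWARE');
	$info['HTTP_X_FORWARDED_FOR'] = _SERVER('HTTP_X_FORWARDED_FOR');
	$info['REMOTE_ADDR'] = _SERVER('REMOTE_ADDR');

	// Business statistics: totals, today and the current calendar month.
	$today = strtotime('today');
	$month = strtotime(date('Y-m-1'));
	$stat = array();
	$stat['user_total'] = db_count('user', array('is_admin'=>0));
	$stat['user_today_register'] = db_count('user', array('create_time'=>array('>'=>$today)));
	$stat['disk_free_space'] = function_exists('disk_free_space') ? humansize(disk_free_space(APP_PATH)) : lang('unknown');
	$stat['cash_total'] = db_find_one('order_cash', array('status'=>'已审核'), array(), array('sum(coin) as total'));
	$stat['cash_today'] = db_find_one('order_cash', array('time'=>array('>'=>$today), 'status'=>'已审核'), array(), array('sum(coin) as total'));
	$stat['cash_month'] = db_find_one('order_cash', array('time'=>array('>'=>$month), 'status'=>'已审核'), array(), array('sum(coin) as total'));
	$stat['order_total'] = db_find_one('order', array('status'=>1), array(), array('sum(coin) as total'));
	$stat['order_today'] = db_find_one('order', array('status'=>1, 'time'=>array('>'=>$today)), array(), array('sum(coin) as total'));
	$stat['order_month'] = db_find_one('order', array('status'=>1, 'time'=>array('>'=>$month)), array(), array('sum(coin) as total'));

	include _include(ADMIN_PATH.'view/htm/index.htm');

}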
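/**
 * Validate an SMS one-time code issued to a user.
 *
 * Accepts the code only if a matching (uid, smscode) row exists, it has not
 * been consumed (status = 1) and it was issued no more than 90 seconds ago.
 * No failed-attempt counter is kept here; the expiry is the only limit on
 * repeated guesses.
 *
 * @param mixed $code the code submitted by the user
 * @param mixed $uid  the user the code was issued to
 * @return bool true when the code is valid and still usable
 */
function checkSms($code, $uid){
	$arr = db_find_one('smscode', array('uid'=>$uid, 'smscode'=>$code));
	if(empty($arr)){
		return false;
	}
	// A code consumed by an earlier login must not be reusable.
	if((int)$arr['status'] === 1){
		return false;
	}
	// 'time' is the epoch second the code was inserted; valid for 90 s.
	return ($arr['time'] + 90) >= time();
}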

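/**
 * Generate a four-digit one-time SMS code (1000-9999 inclusive).
 *
 * Uses random_int() (CSPRNG, PHP >= 7.0) instead of rand(): the code is a
 * login factor and must not come from a predictable generator.
 *
 * @return int
 */
function randNum(){
	return random_int(1000, 9999);
}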
?>
